High-Severity Bug in Cisco Industrial Enterprise Tool Allows RCE


Bug allows a remote attacker to execute arbitrary code on industrial, enterprise tools.

A high-severity bug has been found that allows remote attackers to hijack Cisco’s enterprise-class Industrial Network Director. The vulnerability was made public Wednesday along with a patch; there are no workarounds for the bug and a software patch is required, Cisco said.

Cisco’s Industrial Network Director is a network management platform for visualizing industrial assets, and securing and managing them.

“The vulnerability (CVE-2019-1861) is due to improper validation of files uploaded to the affected application,” Cisco wrote in its security advisory. “An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.”

Impacted are versions of Industrial Network Director prior to the 1.6.0 release.

On Wednesday Cisco also released a fix for an additional high-severity flaw found in TelePresence VCS and multiple releases of its Unified Communications Manager (versions X8.1 to X12.5.2) products.

“A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service condition,” Cisco wrote in its advisory on the bug (CVE-2019-1845).

The vulnerability traces back to insufficient controls for specific memory operations, it said.

Meanwhile, on Monday, Cisco also released an update to a high-severity denial-of-service vulnerability (CVE-2019-1849), originally made public on May 15.

Cisco said this bug impacts routers that run a vulnerable release of Cisco IOS XR Software and participate in a Border Gateway Protocol (BGP) Multiprotocol Label Switching (MPLS)-based Ethernet VPN (EVPN).

“[An] implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a denial-of-service condition on an affected device,” Cisco wrote.

And also of note, on Thursday Cisco released a patch for a medium-severity remote file injection bug (CVE-2019-1860). On Wednesday it released patches for an additional seven medium-severity vulnerabilities.

Last month was an unusually busy patching month for Cisco, which tackled everything from a critical vulnerability in the Cisco Elastic Services Controller to a high-severity bug in the web-based user interface (Web UI) of the Cisco IOS XE Software and a flaw in the Secure Boot trusted hardware root-of-trust affecting several models of routers, switches and firewalls. This latter bug is still not patched for many of the millions of devices it affects.
